Cover your assets: APEC's Privacy Framework

It used to be that one could spend hours, driving from bank to office to shop, queuing to see a bank teller, paying bills, shopping around for the best prices or learning to use new products and technologies. Now, most of that can be done through automated systems - online or on the telephone, all at the touch of a few buttons. Technology saves money but, more importantly, it saves time and effectively returns a degree of freedom to users.

That is, provided that remote transactions are secure.

Less personal than snatching a wallet or handbag, "borrowing" strangers' identity numbers, bank details or credit card numbers is a bourgeoning industry. According to an American study ⁱ conducted in 2008, identity theft grew by 22 percent over the previous year, affecting almost 10 million citizens. Of these cases, 11 percent were attributed to insecure online transactions.

Some theorists correlate the rise to a worsening economy. Prolonged unemployment and grim forecasts mean that survival demands a degree of innovation. Others point simply to the sheer volume of personal information stored in databases across the globe and the scope of possibility for "opportunistic crime".

Privacy threats not only have a negative impact on commercial enterprises but, in fact, to entire economies. If consumers feel that their privacy is not protected, they will be reluctant to carry out transactions. That translates to lower sales, fewer collaborations and, quite simply, less business. For less developed economies, the effects are magnified. Low levels of trust discourage foreign investment and cripple the growth of local industry.

Alternately, and the assumption upon which APEC's Privacy Framework is founded, an atmosphere of trust leads naturally to the free flow of goods and services and more profitable business at every turn. The relevance of trust is all the more pronounced in the Asia-Pacific, where economies range from very low to extremely high levels of development. Regional growth depends on commonly held standards and a good dose of predictability.

Although the concept is relatively simple, the challenges are numerous and complex.

Explains Google's Global Privacy Counsel, Jane Horvath:

"While most of the major economies have laws and regulations and/or principles about security, they are in no way uniform or consistent... In a world of global data flows, what countries have jurisdiction over the data? Is it the country where the data is stored or the country where the data is collected; the country where the entity is headquartered or doing business?"

Companies like Google are also concerned by issues of sovereign authority. If laws vary according to location, where data is collected or stored could have major implications on privacy rights.

In its simplest form, the APEC Privacy Framework outlines reasonable expectations of the modern consumer as to how their privacy interests should be protected. APEC economies are then able to share best practices and harmonise legal standards so that sharing consumer information across borders does not become a source of risk to consumers, businesses or governments.

"We are trying basically to create an environment of partnership," says Russ Schrader, Associate General Counsel of Global Enterprise Risk and Chief Privacy Officer for Visa, explaining the fundamental need to coordinate at every level.

Because it is flexible and non-binding, the APEC Privacy Framework has been subject to varied interpretations. While some economies have classic data protection and privacy laws with independent supervisory authorities others may use hybrid approaches or implement measures in stages.

Mexico, as an example, launched Trustmark, a collaborative effort of the Mexican Association of Internet, the Ministry of Economy and the Federal Attorney's Consumer Office ⁱⁱ. In effect, Trustmark is a warranty that websites are legally established companies, committed to protecting personal data, and is awarded to companies that include in their policies the nine principles of the APEC Privacy Framework, such as the prevention of harm and other security safeguards. To date, an approximate 250 Mexican websites hold a Trustmark, ranging from small and medium enterprises to well-known transnational corporations.

Because privacy protection measures are relatively new to some economies, technical assistance is provided to those which need to establish and develop regulatory and policy infrastructure. This support benefits both emerging economies as well as the established investors who wish to do business with them.

The most enduring challenges have to do with moderation: how to achieve the maximum level of privacy without impeding the flow of information necessary to maintain the sort of monetary transactions that are vital to trade and economic growth. And, how can governments guard against potential breeches without discouraging the conception and use of more advanced interactive media?

Clear standards and harmonious laws form the foundation of a response that can evolve and accommodate challenges flowing from a technological Pandora's box. Through the framework, economies are able to address such challenges as a united front, rather than a random collective of unilateral approaches. And where there are less cracks, that front is less easily penetrated.

View the APEC Privacy Framework here.